shutterstock_184473665.jpg

Summit 7 Team Blogs

Cheat with your scripts in Exchange and Exchange Online

Hi, all! Today, I've got something that I think is really cool and helpful. I really, really wish Microsoft would do this for all of their products.

Do you want to work with Exchange or Exchange Online from PowerShell? Doing so can make repeating processes easier. Say you need to build a solution that requires creating distribution lists, creating shared mailboxes, or adding apps to Outlook. It would be great if you could first build and test it in one environment (say, a test environment), create a script to generate all of it, and then run that script in the production environment. This decreases the chance for somebody to mess something up. A script would also be very helpful for creating build documents and change records. Better yet, scripts can be stored in source control and/or kept with other project documentation. If this is something you want to do, then I've got a nice shortcut for you.

In your tenant, go to the Exchange Admin Center and go to Auditing page in Compliance Management. In the right-hand column, click "Run the admin audit log report" and specify a date range. There, you'll see everything that an admin did in Exchange, be it through the GUI or PowerShell. Pretty much everything done in the Exchange GUI can be done by PowerShell as well – and that's exactly how it's represented in the log. In the screenshot below, I enabled some apps in the tenant (FindTime, Wunderlist, and MessageHeaderAnalyzer), played with public folders a little, and released some stuff from Quarantine.

cheat_with_your_scripts_in_exchange_1

 

After adding the FindTime app, I changed its configuration so that it's enabled by default. You can see this at Arrow #2. Specifically, the Set-App cmdlet was used. The part that I think is especially cool is that the parameters used are also there in the log (Arrow #3). The parameter names are listed on the "Members" line, and the parameters/values are listed as Parameter:Value pairs underneath. This means that we can recreate the PowerShell script that was used to make the change! Take the cmdlet (Set-App) and marry them to the parameters (Arrow #3) and to get the complete command. So, with this example, we get the following command:

Set-App
-Identity
9758a0e2-7861-440f-b467-1823144e5b65
-DefaultStateForUser
"Enabled"
-OrganizationApp:$true

We can now reliably update the FindTime app so that it is enabled for all users by default. Sweet!

To take this further: You don't actually have to use the GUI to get the audit log with its cmdlets and parameters. After connecting to Exchange or Exchange Online via PowerShell, you can use the Search-AdminAuditLog cmdlet! With just a little bit of work, you can get a complete text script of everything done within a given time range. The following script does this in a fairly unsophisticated way (for example, it doesn't take into account the type of parameter except for Booleans):

$commandsRun
=
Search-AdminAuditLog
-StartDate (Get-Date).AddDays(-2) -EndDate (Get-Date) -UserIds
"[email protected]"

foreach($command
in
$commandsRun)

{

    Write-Host
"$($command.CmdletName)"
-NoNewline

    foreach($param
in
$command.CmdletParameters)

    {

        Write-Host
" -$($param.Name) "
-NoNewline

        if($param.Value -eq
"True")

        {

            Write-Host
"`$true"
-NoNewline

        }

        elseif($param.Value -eq
"False")

        {

            Write-Host
"`$false"
-NoNewline

        }

        else

        {

            Write-Host
"""$($param.Value)"""
-NoNewline

        }

    }

    Write-Host
""

}

The script above generates a new PowerShell script that contains all of the commands that I ran in the past two days. Note that you may want additional filtering, because more than just admin actions are available through this cmdlet. The results look like this:

cheat_with_your_scripts_in_exchange_2

So, if you need to generate a PowerShell script for a bunch of Exchange or Exchange Online configurations, just cheat a little by going into the Exchange Admin Center for another environment, making the changes, and then using the admin audit log to get the PowerShell script! Or use this technique to create a re-playable change log for your environment. They sky's the limit!

I hope this makes somebody's life a little easier.

SHARE THIS STORY | |
About Brian Laws

Brian is the resident Cloud Pro at Summit 7. His head is usually in the Cloud, dreaming about PowerShell and automation. He enjoys spending time with his wife and three kids. When they let him, he also enjoys playing video games, reading comics, and watching his favorite shows. He’s a geek through-and-through.